Image: iStockphoto/BongkarnThanyakij

Admins tasked with managing Windows clients of all sizes have long known the virtues of implementing Group Policy to manage software and security settings to lock down devices on corporate networks. The flexibility of being able to centrally manage clients by applying policies to devices joined to an Active Directory (Advertizement) domain allows IT pros to get every bit holistic or granular in their management of devices equally necessary.

Due to their intertwined nature, much of the how, when, and why policies become practical volition depend on the design structure of the AD schema and how devices are stored within the organizational units. However, despite our best efforts, admins at one fourth dimension or some other encounter scenarios that require a setup that the existing design structure does non permit for. Other times–such equally in larger forests–policies may only need to be deployed to all devices that meet specific requirements with others that do not see these requirements, effectively ignoring such a policy.

For instances such as these, or those that require a bit more than granularity when deploying to targeted systems or groups of systems, a Windows Management Instrumentation (WMI) filter will be your all-time choice. Past creating a customized filter and assigning it to one or more policies, this will ensure that the respective policies will only act upon devices meeting the criteria expressly stipulated in the filter–regardless of where that policy is linked inside the hierarchy.

SEE: How to choose between Windows, macOS, and Linux (free PDF) (TechRepublic)

Below I've illustrated a few scenarios where WMI filters serve as an constructive manner with which to deploy a policy to a targeted grouping of devices with minimal administrative effort. Additionally, one time WMI filters take been created, they can be accessed and reused equally needed.

Requirements for creating our custom filters

Server running Windows Server 2008 R2 or afterwards and the post-obit roles:

  • Agile Directory Domain Services
  • PC running Windows vii or later
  • Remote Server Administration Tools for Windows
  • Domain Admin credentials

How to create a filter that targets 64-chip OSs but

  1. Launch the Grouping Policy Management Console (GPMC). Modify the domain controller (if necessary) that you wish to create the WMI filter on. Expand the Domains | Domain name | WMI Filters nodes.
  2. Correct-click the root of the WMI Filters node, then click New from the context carte du jour to bring up the window to create a new filter.
  3. In the Name text box, enter a descriptive name of what the purpose of the filter is. Additionally, in the Description text box, you may optionally enter a more detailed description of what deportment the WMI filter volition provide.
  4. Click the Add together push button to populate the Namespace entry. By default, the root\CIMv2 namespace volition be added. Depending on the intended action of the WMI filter, this may or may non change. For the purposes of this exercise, allow'due south exit it equally is.
  5. We volition be modifying the query that is the logic that will exist run against the namespace to create our filtering capability. In this case, in the Query text box, enter the following query:
select * from Win32_OperatingSystem where OSArchitecture = "64-Bit"

6. Click the OK push button to relieve the query, and then click the Save button to save the filter.

How to create a filter that targets Server OSs only

i. Follow steps i-4 for creating a filter that targets 64-bit OSs only (above). Enter the following query:

select * Win32_OperatingSystem where Version like "10.0%" and ProductType ="3"

2. Click the OK button to relieve the query, then click the Save button to relieve the filter.

How to create a filter that targets a specific make/model calculator merely

1. Follow steps ane-4 in the previous section. Enter the following query:

select * Win32_ComputerSystem where Manufacturer = "Hewlett-Packard" and Model = "HP ProBook 640 G2" or Model = "HP ProBook 640 G3"

two. Click the OK button to save the query, then click the Salvage button to relieve the filter.

How to apply WMI filters to Grouping Policy Objects (GPOs)

  1. From the GPMC, navigate to an OU where yous have the desired GPO linked.
  2. Click on the GPO to view its properties. Under the Scope tab, gyre downwardly to the lesser of the window under the WMI Filtering headline.
  3. Past default, the driblet-downwards carte should be set up to <None>. Click on information technology to reveal whatsoever WMI Filters that have been created for that domain and select the filter you wish to add together to the policy to enable it.

Once you become the hang of creating filters and applying them to perform specific tasks on targeted systems, yous can brainstorm to link and chain WMI queries together to form granular filters that drill downwardly to specific devices for nearly endless management scoping capabilities.